Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/5exJt2MZu2jwtzqZAf1Fb52uuCA.roa
File:                     5exJt2MZu2jwtzqZAf1Fb52uuCA.roa (raw, json)
Hash identifier:          ZBxSybIcJjf3CHqQjgVS2kWYqt7YVpICayBJncepY8E=
Subject key identifier:   E5:EC:49:B7:63:19:BB:68:F0:B7:3A:99:01:FD:45:6F:9D:AE:B8:20
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0190794A1CE08AFA2772CFB03EB5B460BCB6
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/5exJt2MZu2jwtzqZAf1Fb52uuCA.roa
Signing time:             Wed 03 Jul 2024 15:50:18 +0000
ROA not before:           Wed 03 Jul 2024 15:50:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215427
IP address blocks:        2a0e:a780::/29 maxlen: 29
                          2a10:9600::/29 maxlen: 29
                          2a13:b840::/29 maxlen: 29
                          2a13:c0c0::/29 maxlen: 29
                          2a13:c140::/29 maxlen: 29
                          2a13:d240::/29 maxlen: 29
                          2a13:d2c0::/29 maxlen: 29
                          2a13:ddc0::/29 maxlen: 29
                          2a14:35c0::/29 maxlen: 29
                          2a14:5740::/29 maxlen: 29

Validation:               Failed, certificate revoked on Thu 08 Aug 2024 20:27:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:79:4a:1c:e0:8a:fa:27:72:cf:b0:3e:b5:b4:60:bc:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jul  3 15:50:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5ec49b76319bb68f0b73a9901fd456f9daeb820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:ad:fe:5a:9a:b2:a8:70:f4:af:ed:8b:b9:5a:
                    c2:c3:3b:af:32:5d:4a:99:a0:f2:8f:96:f6:d2:24:
                    2f:b3:86:2b:8d:e5:bb:fb:48:fa:e5:ef:a7:5b:e2:
                    f9:16:fb:bf:99:bf:4d:95:e4:b4:5b:e9:ab:a9:37:
                    48:a6:50:17:dd:c6:38:d1:c1:5f:ae:89:04:35:fa:
                    ef:e5:c6:e8:47:62:38:89:fd:80:f9:1a:da:9b:39:
                    de:80:03:bc:eb:02:b6:a2:ce:e7:b4:ca:40:2c:bc:
                    f4:98:ad:d8:77:08:04:2f:29:e4:0b:83:62:97:04:
                    8d:2d:1a:8f:c7:4e:d6:1d:34:f5:eb:0d:f0:44:31:
                    81:fd:72:d3:e9:d9:e3:db:2c:3f:62:ce:33:8e:3b:
                    0a:15:d6:2b:04:80:23:16:9a:e9:c4:34:1c:77:d6:
                    43:10:3c:cd:c7:b6:77:9d:57:da:53:35:5f:2e:02:
                    18:d2:7f:3b:f7:45:83:01:05:9d:32:b5:24:4a:7e:
                    12:3d:05:8c:41:4d:b6:5a:1f:eb:1e:1b:d3:1c:cd:
                    d0:6c:0a:76:43:86:f2:89:a7:d8:05:f6:d3:8b:e1:
                    fc:25:e3:d8:57:f7:f6:85:3d:a1:d5:5a:37:06:6d:
                    68:80:51:c3:45:bd:c4:9e:f1:8a:22:ce:72:29:e6:
                    e4:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:EC:49:B7:63:19:BB:68:F0:B7:3A:99:01:FD:45:6F:9D:AE:B8:20
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/5exJt2MZu2jwtzqZAf1Fb52uuCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:a780::/29
                  2a10:9600::/29
                  2a13:b840::/29
                  2a13:c0c0::/29
                  2a13:c140::/29
                  2a13:d240::/29
                  2a13:d2c0::/29
                  2a13:ddc0::/29
                  2a14:35c0::/29
                  2a14:5740::/29

    Signature Algorithm: sha256WithRSAEncryption
         4d:0f:54:e7:47:bd:d4:03:1c:21:61:69:4a:40:67:b4:b2:0e:
         b6:31:fe:72:d5:1c:23:f6:94:64:15:7a:50:51:14:a9:8a:0f:
         56:67:8b:41:c2:86:13:6f:f4:ee:7b:33:ea:d6:86:b8:0d:4c:
         ca:35:f7:67:50:a3:b6:b5:92:74:57:cd:f6:41:4a:50:49:54:
         12:a5:8d:f5:43:04:e3:66:49:8f:8b:14:73:c9:6e:7d:0b:40:
         aa:ba:90:bd:99:e7:b4:09:47:9c:b6:db:8b:cd:0e:19:f8:9e:
         3d:f3:dd:dc:c0:86:18:42:de:53:86:fd:b8:96:92:78:7b:25:
         b7:83:aa:c0:2d:90:6f:73:a6:1a:77:3b:8c:b3:67:d3:87:3f:
         a0:e5:e1:d0:4a:1f:75:82:a7:10:f9:de:d5:9f:12:c9:80:5a:
         6c:1a:bc:9c:64:d9:e0:09:e2:bb:06:e4:f8:ae:83:fb:55:98:
         b3:12:ab:a2:d6:24:19:b9:53:68:99:5e:16:68:b7:6a:3c:ec:
         d0:ec:60:f6:98:d2:8d:c1:6d:7b:b2:ce:a9:46:83:3a:c6:90:
         de:64:d7:31:20:2a:ce:35:33:a8:55:df:c8:72:b0:8c:94:d5:
         8d:99:e2:6d:75:76:1b:a2:05:41:ff:90:31:65:32:0b:64:57:
         3f:c1:87:cf
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAZB5Shzgivoncs+wPrW0YLy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQwNzAzMTU1MDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNWVjNDliNzYzMTliYjY4ZjBiNzNhOTkwMWZkNDU2ZjlkYWViODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA363+WpqyqHD0r+2LuVrCwzuvMl1K
maDyj5b20iQvs4YrjeW7+0j65e+nW+L5Fvu/mb9NleS0W+mrqTdIplAX3cY40cFf
rokENfrv5cboR2I4if2A+RramznegAO86wK2os7ntMpALLz0mK3YdwgELynkC4Ni
lwSNLRqPx07WHTT16w3wRDGB/XLT6dnj2yw/Ys4zjjsKFdYrBIAjFprpxDQcd9ZD
EDzNx7Z3nVfaUzVfLgIY0n8790WDAQWdMrUkSn4SPQWMQU22Wh/rHhvTHM3QbAp2
Q4byiafYBfbTi+H8JePYV/f2hT2h1Vo3Bm1ogFHDRb3EnvGKIs5yKebklQIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFOXsSbdjGbto8Lc6mQH9RW+drrggMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvNWV4SnQyTVp1Mmp3dHpxWkFmMUZiNTJ1dUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjBMBAIAAjBGAwUDKg6ngAMF
AyoQlgADBQMqE7hAAwUDKhPAwAMFAyoTwUADBQMqE9JAAwUDKhPSwAMFAyoT3cAD
BQMqFDXAAwUDKhRXQDANBgkqhkiG9w0BAQsFAAOCAQEATQ9U50e91AMcIWFpSkBn
tLIOtjH+ctUcI/aUZBV6UFEUqYoPVmeLQcKGE2/07nsz6taGuA1MyjX3Z1CjtrWS
dFfN9kFKUElUEqWN9UME42ZJj4sUc8lufQtAqrqQvZnntAlHnLbbi80OGfiePfPd
3MCGGELeU4b9uJaSeHslt4OqwC2Qb3OmGnc7jLNn04c/oOXh0EofdYKnEPne1Z8S
yYBabBq8nGTZ4Aniuwbk+K6D+1WYsxKrotYkGblTaJleFmi3ajzs0Oxg9pjSjcFt
e7LOqUaDOsaQ3mTXMSAqzjUzqFXfyHKwjJTVjZnibXV2G6IFQf+QMWUyC2RXP8GH
zw==
-----END CERTIFICATE-----